News

Cyber Security News
cybersecuritynews. com > citrixbleed-vulnerability-exploited > amp

Citrix Bleed Vulnerability Exploited by Hackers Within 24 Hours of Public Disclosure

7+ hour, 45+ min ago  (443+ words) A threat actor operating from IP 146. 70. 139[.]154 targeted three separate Lupovis sensor deployments in a five-hour window on 30 June to 1 July 2026, ultimately delivering a confirmed CVE-2026-8451 exploitation payload. Notably, this activity is not yet reflected in the CISA Known Exploited Vulnerabilities…...

Symbols: cwe-59
DEV Community
dev. to > coridev > phantom-squatting-when-ai-hallucinated-domains-become-attacker-infrastructure-1i67

Phantom Squatting: When AI Hallucinated Domains Become Attacker Infrastructure

1+ hour, 37+ min ago  (874+ words) Researchers at Palo Alto Networks Unit 42 documented a technique they're calling phantom squatting: attackers register domain names that LLMs consistently hallucinate, then sit back and wait for the traffic. No zero-days. No exotic exploit chains. Just a spreadsheet of domains…...

Symbols: d05.S0,u11.S0,z74.S0,blz.si,5ua.si,wj9.S0
Lifehacker
lifehacker. com > tech > opera-rolled-out-a-way-to-block-clickfix-attacks

Opera Just Rolled Out a Way to Block Click Fix Attacks in Its Browser

8+ hour, 54+ min ago  (491+ words) Lifehacker...

Google News
scworld. com > brief > medtronic-warns-patients-of-data-exposure-following-april-cyberattack

Medtronic warns patients of data exposure following April cyberattack | brief

1+ hour, 55+ min ago  (59+ words) Medtronic warns patients of data exposure following April cyberattack SC Media Medtronic warns patients of data exposure following April cyberattack Aflac Japan data breach affects 4. 38 million customers Nissan confirms employee data exposed in Oracle People Soft cyberattack KDDI discloses data…...

Symbols: btc-usd,nyse:mdt,nasdaq:mmed
Google News
avala. ai > news > agentic-mapreduce-agent-code

Scanning a whole repo with confined LLM workers " Avala Security

3+ hour, 38+ min ago  (1099+ words) We open-sourced a whole-repo security scanner in agent-code. Deterministic selectors shard the tree, then read-only LLM workers investigate each shard under a permission read-scope that a prompt injection in the scanned code cannot escape. Point one LLM agent at a…...

Symbols: sse:when,quote:the,d05.S0,u11.S0,z74.S0,f34.S0
DEV Community
dev. to > kkierii > pamstealer-the-macos-stealer-that-checks-your-password-through-pam-before-stealing-it-4abj

Pam Stealer: the mac OS stealer that checks your password through PAM before stealing it

1+ hour, 53+ min ago  (668+ words) Someone double-clicks what they think is Maccy, a clipboard manager, and gets a mac OS password prompt: "Maccy wants to make changes." They type it in. Most infostealers would grab whatever you typed and run. This one validates it against…...

VMblog
vmblog. com > bylines > windows-finally-removed-update-friction-now-comes-the-harder-part

Windows finally removed update friction - now comes the harder part

9+ hour, 23+ min ago  (280+ words) Lorem ipsum dolor ist amte, consectetuer adipiscing eilt. Aenean commodo ligula egget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quak felis, ultricies nec, pellentesque eu, pretium quid, sem. Microsoft is changing…...

DEV Community
dev. to > soytuber > linux-luks-vulnerability-android-developer-verification-threat-github-secret-scanning-guide-2hm6

Linux LUKS Vulnerability, Android Developer Verification Threat, Git Hub Secret Scanning Guide

2+ hour, 47+ min ago  (1307+ words) Today's Highlights This week's top security news features a critical data leakage bug in Linux LUKS disk encryption, a deceptive new threat leveraging Android developer verification, and Git Hub's practical guide to managing secret scanning alerts at scale. These stories…...

Symbols: cert-in
Penligent
penligent. ai > hackinglabs > es > openstamanager-2-9-8-exploit

Open STAManager 2. 9. 8 Exploit Risk, SQL Injection Clusters and Privilege Escalation

3+ hour, 21+ min ago  (1648+ words) A useful way to read the public information is to group the issues by weakness pattern rather than by CVE number alone. The Open STAManager 2. 9. 8 exploit surface is not one route. It is a set of recurring implementation mistakes: That…...

Symbols: cwe-78,cwe-89
SC Media
scworld. com > news > 1st-agentic-ransomware-jadepuffer-invades-database-at-machine-speed

1st "agentic ransomware" JADEPUFFER invades database at machine speed

2+ hour, 42+ min ago  (74+ words) SC Media 1st "agentic ransomware" JADEPUFFER invades database at machine speed An In-Depth Guide to Ransomware 4 ways to combat the endless stream of phishing attacks New Choco Po C trojan targets security researchers with fake exploit code Aflac Japan data breach…...

Symbols: btc-usd,^n2250,eth-usd